CVE-2018-18454

Опубликовано: 18 окт. 2018

Источник: debian

EPSS Низкий

Описание

CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
xpdf	unfixed			package

Примечания

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
no security impact, crash in CLI tool

EPSS

Процентиль: 66%

0.00526

Низкий

Связанные уязвимости

CVE-2018-18454

CVSS3: 5.5

ubuntu

больше 7 лет назад

CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

CVE-2018-18454

CVSS3: 5.5

nvd

больше 7 лет назад

CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

GHSA-63cv-x9fq-ccgh

CVSS3: 5.5

github

больше 3 лет назад

CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

SUSE-SU-2023:4187-1

suse-cvrf

больше 2 лет назад

Security update for poppler

SUSE-SU-2023:4362-1

suse-cvrf

больше 2 лет назад

Security update for poppler

EPSS

Процентиль: 66%

0.00526

Низкий